[Cryptography] New SSL/TLS certs to each live no longer than 47 days by 2029
iang
iang at iang.org
Mon Apr 21 17:38:21 EDT 2025
On 20/04/2025 18:13, Kent Borg wrote:
> I thought I saw someone here shrugging off the risk of MitM attacks. Be
> careful.
'twas me, heretic in chief.
The issue here is that SSL was brought in (from v1 to v2) because of the claim that MITMs would eat our lunch. That was an unevidenced claim, and since then, there has been no evidence that the MITM attack justifies that level of defence.
I'm not saying it does or doesn't - I'm saying we don't know. We're at the Ouija Board, we're preaching black magic, we're selling snake oil. Ashamed, we's be, but we can't keep ourselves away from the mystical hopium.
Be careful - unless you have *evidence of a persistent threat* you're not doing science.
> An awful lot of users connect via wifi, and, as flawed as the
> certificate system is, it makes it hard for random evil hotspots to
> pretend to be your bank or your e-mail. If we were back at plain http
> these attacks would be a big problem. The system does work…to the extent
> it works.
Which is (1) the evidence-free assertion. Are we protecting ourselves against a rainbow unicorn attack? It matters less if the defence works than if rainbow unicorns actually do attack. Risk management, of which infosec is a subset, prioritises attacks that happen over those that don't happen. In Risk Management this is called probability. Set that to zero, no need to defend.
One example: SSH was born because people discovered that internal attackers were eavesdropping root passwords on ethernet LANs, and hacking into machines. So RSH was updated to add keys & crypto. Problem solved correctly, because attacks were happening, and the solution stopped those attacks.
One counter-example: we have a lot of anecdotal examples of "oh, I spotted a wifi attack." But that anecdotal evidence doesn't translate to recorded hacks/losses/caught dirtbags/court cases... Story telling ain't science, it's tall tales and beer drinking.
And (2) if there was some scientific evidence to the email/bank threat, we might agree that only banks & email providers use certs. But there isn't, so everyone has to use certs?
> A different point: If bigish nation-state wants to MitM the connection
> to my bank, the certificate system is not the hard part. Just get a bent
> CA to issue the fake certificate they need. But mostly this isn't a big
> problem, nation-states mostly can't be bothered and have better options.
Yep, I'm trying not to get into who was incentivised to promote the CA solution :) :)
iang